Security

Chatend is committed to maintaining customer privacy and takes its security seriously. To that end, there is a Bug Bounty Program to encourage responsible disclosure of any security vulnerabilities.

If you are a security researcher and believe you have found a vulnerability, please submit the following form.

Here are some ideas on where to start:

Most endpoints are protected by a JWT token. Can you find a way to bypass this?
Can you enumerate all the endpoints in the /api path?
There is a separate Web server that runs user code in an isolated environment. Can you find its IP address?
There is a flag.txt file in that server's home directory. Can you read the file and include its contents in the form? This will immediately win a cash prize.

Your Email

Your Explanation

Please explain the steps necessary to reproduce this vulnerability.

IP Address

If you found the IP address of the Web server, please include it here.

Flag

If you found the flag, please include it here.